The general problem is to provide a device capable of transmitting in a secure manner a set of high visual quality films in an MPEG type format directly to a television screen and/or to be recorded on the hard disk of a box connecting the remote transmission network to the television screen, while preserving the audiovisual quality but preventing any fraudulent use such as the possibility of making pirate copies of films or audiovisual programs recorded on the hard disk of the decoder box.
With the presently available solutions, it is possible to transmit films and audiovisual programs in digital form via broadcast networks of the airwaves, cable, satellite, etc. type or via DSL (Digital Subscriber Line) type telecommunication networks or LRL (local radio loop) networks or via DAB (Digital Audio Broadcasting) networks. Moreover, in order to prevent pirating of works broadcast in this manner, these works are often encrypted by various means well known to the expert in the field.
However, the principal disadvantage of presently available solutions such as in WO 00/165762 is that it is necessary to transmit not only the encrypted data to the users but also the decryption keys. Transmission of the decryption keys can be performed prior to, at the same time as or after transmission of the audiovisual programs. In order to increase the security and thus the protection of the audiovisual works against ill-intentioned use, the decryption keys as well as the decryption functions of the audiovisual decoders can comprise enhanced security means such as smart cards or other physical keys that can optionally be updated remotely.
Thus, the presently available solutions applied to a decoder box with the ability of local recording of audiovisual programs in digital form on a support of any type such as a hard disk or other type of memory provides an ill-intentioned user the possibility of making unauthorized copies of the programs recorded in this manner because at any given moment this user has with his digital decoder box associated or not with smart card systems all of the information, software programs and data enabling the complete decryption of the audiovisual programs. Precisely because of the fact that he possesses all of the data, the ill-intentioned user would have the possibility of making illegal copies without anybody becoming aware of this fraudulent copying when it is performed.
One solution would therefore consist of transmitting all or part of a digital audiovisual program solely on demand (on demand video services) via a broad-band telecommunication network of the DSL, cable or satellite type without authorizing the local recording of the audiovisual programs. The disadvantage there is completely different and stems from the performances of these network which do not make it possible to guarantee continuous flows of several megabits per second to each user as required by MPEG flows which require pass bands from several hundreds of kilobits to many megabits per second.
Under these conditions, one solution consists of separating the flow into two parts neither of which could be used by itself. Many patents have been filed in the context of this approach. We thus know from WO 09/908428 a method for the multiapplication processing of a localizable active terminal in which there is implemented at least one link with an identifiable program dedicated to the execution of an application, said program dictating its operating conditions to the terminal for the setting up of its functions. The terminal dialogues in a punctiform manner by using a link with the management center for the implementation, if necessary, of the inputs and outputs of the capacities of this center with the management center optionally becoming the slave of the terminal at the application level in relation to the incoming program. That invention also pertains to the method for the identification of the program and the terminal in operating mode. That method of the prior art divides the flow into a part used for identifying the user and a part that contains the actual program itself. In particular, the program is not unusable but merely made inaccessible by the first part.
In addition, EP 0778513 describes a method enabling prevention of illegal use of an information unit by adding to it a control information unit in order to verify the rights of the user. The system makes it possible to remain permanently informed as to which part of the information unit is used and by which user and thereby to be informed as to whether or not this user is in an illegal position. That method thus makes the data secure by adding additional information units which distort the initial information.
WO 00/49483 also provides methods and systems for creating a link between the users and an editor of digitized entities. The method comprises at least one of the following steps: the step of subdividing said digitized entity into two parts; the step of storing one part in memory in a server connected to a computer-based network; the step of transmitting the other part to at least one user who has available computer-based equipment; the step of connecting said computer-based equipment to said computer-based network; the step of establishing a functional link between said first part and said second part. Those methods and systems do not specify whether the part stored in memory on the server can be stored by the user, which would enable the user to pirate said digitized entity.
Lastly, with regard to this approach, the closest state of the art is found in the patents of HyperLOCK Technologies, the most pertinent of which is U.S. Pat. No. 5,937,164. That invention uses the solution comprised of separating the flow into two parts, the smaller one of which holds an information unit required for the use of the larger part. That patent nevertheless is not sufficient for resolving the identified problem. In fact, suppression of a part of the flow distorts the format of the flow which then cannot be recognized as a standard flow that can be run with general software applications. That method of the prior art requires both a specific software program at the server side for the separation of the two parts, and another specific software program enabling not only the reconstruction of the flow but also the acquisition of the principal flow and its management according to a format proprietary to the solution. That proprietary format is not the initial format of the flow prior to separation into two parts in this known solution.
U.S. Pat. No. 5,892,825 returns to the approach of the preceding patent but in a narrower framework because the flows are still encrypted; U.S. Pat. No. 6,035,329 is based on the same principle and pertains to a method enabling the reading of a CD-ROM or DVD-ROM disk contingent on the identification of the rights by the insertion of a smart card on which the information required for reading are stored. That method is still not adequate for our problem because it does not ensure that the modified flow is of the same format as the original flow. Finally, U.S. Pat. No. 6,185,306 pertains to a method for the transmission of encrypted data from a Web site to a requesting computer. That method, however, makes it possible for the user to have available at a given moment the tools required for copying the data.